From owner-freebsd-security  Thu May 21 10:08:20 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id KAA12787
          for freebsd-security-outgoing; Thu, 21 May 1998 10:08:20 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from fledge.watson.org (root@COPLAND.CODA.CS.CMU.EDU [128.2.222.48])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA12773
          for <freebsd-security@FreeBSD.ORG>; Thu, 21 May 1998 10:08:13 -0700 (PDT)
          (envelope-from robert@cyrus.watson.org)
Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3])
	by fledge.watson.org (8.8.8/8.8.8) with SMTP id NAA29520;
	Thu, 21 May 1998 13:07:59 -0400 (EDT)
Date: Thu, 21 May 1998 13:07:58 -0400 (EDT)
From: Robert Watson <robert@cyrus.watson.org>
X-Sender: robert@fledge.watson.org
Reply-To: Robert Watson <robert+freebsd@cyrus.watson.org>
To: Philippe Regnauld <regnauld@deepo.prosa.dk>
cc: freebsd-security@FreeBSD.ORG
Subject: Re: Virus on FreeBSD
In-Reply-To: <19980521181555.59333@deepo.prosa.dk>
Message-ID: <Pine.BSF.3.96.980521130704.29242A-100000@fledge.watson.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from QUOTED-PRINTABLE to 8bit by hub.freebsd.org id KAA12777
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk


>From a quick examination of kern/kern_lkm.c, it appears that if the
securelevel > 0, changes to LKMs are not allowed (load, unload, etc).

On Thu, 21 May 1998, Philippe Regnauld wrote:

> Greg A. Woods writes:
> 
> > Anyone who's read that article and has even the tiniest amount of
> > imagination would *NEVER* run LKMs on a production machine.  Sure
> 
> 	BTW, is there a mechanism to disable loading of LKMs ?
> 	(of course, removing the modload command is one way) -- I was
> 	thinking about something that looked at the securelevel
> 	and refused to load/unload a module depending on it.
> 
> -- 
>  -[ Philippe Regnauld / sysadmin / regnauld@deepo.prosa.dk / +55.4N +11.3E ]-
>      «Pluto placed his bad dog at the entrance of Hades to keep the dead
>       IN and the living  OUT!  The archetypical corporate firewall?»
>                                                        - S. Kelly Bootle
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe security" in the body of the message
> 


  Robert N Watson 


----
Carnegie Mellon University  http://www.cmu.edu/
Trusted Information Systems http://www.tis.com/
SafePort Network Services   http://www.safeport.com/
robert@fledge.watson.org    http://www.watson.org/~robert/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message